Commit

refactor: migrate to TypeScript (#88)
* chore: migrate to ts

* refactor: complete migration

---------

Co-authored-by: fraxken <gentilhomme.thomas@gmail.com>
fabnguess and fraxken authored Aug 18, 2024
1 parent 5c78bc4 commit f6a5f10
Showing 22 changed files with 310 additions and 299 deletions.
7 changes: 0 additions & 7 deletions .eslintrc

This file was deleted.

57 changes: 28 additions & 29 deletions FLAGS.md
Expand Up @@ -35,11 +35,11 @@ Documentation: [npm-install](https://docs.npmjs.com/cli/install)

The package use a Node.js core package that allow to access the network. These core package are:

* \- http
* \- https
* \- net
* \- http2
* \- dgram
* http
* https
* net
* http2
* dgram

⚠️ This flag only work if the AST analysis as successfully retrieved all dependencies as expected.

Expand Down Expand Up @@ -80,20 +80,7 @@ Minified JavaScript code are commonly used by hacker to obfuscate the code to av
Example of minified code:


![](https://i.imgur.com/13Mxfb2.png)

⚠️ sometimes one line file are considered minified (we are working to fix this in the future).



Under the hood we use the npm package [is-minified-code](https://github.com/MartinKolarik/is-minified-code/).



Files can be found in the **Minified Files** list items of the left menu.


![](https://i.imgur.com/e8BbBeb.png)</details><details><summary>👀 hasMissingOrUnusedDependency</summary>
![](https://i.imgur.com/13Mxfb2.png)</details><details><summary>👀 hasMissingOrUnusedDependency</summary>

The package has a missing dependency (in package.json) or a dependency that is not used in the code (this may happen if the AST Analysis fail!)
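
Review bot: The minified-code section loses its false-positive caveat ("sometimes one line file are considered minified") and the reference to is-minified-code, a documentation change that a commit titled "refactor: migrate to TypeScript" does not explain. If detection no longer relies on is-minified-code, say so in the commit message or in the flag text; if it still does, keep the caveat so readers know that one-line files can trip this flag. Because scripts/generateFlags writes FLAGS.md from the files under src/flags, the matching HTML source should carry the same change, otherwise the next regeneration will undo or reshuffle this section.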

Expand All @@ -109,7 +96,7 @@ Example: ISC OR GPL-2.0-with-GCC-exception.



Under the hood we use [conformance](https://github.com/cutenode/conformance#readme) to parse licenses !
Under the hood we use [@nodesecure/licenses-conformance](https://github.com/NodeSecure/licenses-conformance) to assert licenses conformance!

</details><details><summary>🐲 hasNativeCode</summary>

Expand All @@ -119,9 +106,9 @@ The package use native components (package, file, configuration) like **binding.

The flag is set to true if:

* \- One of the package file has an extension like .c, .cpp, .gyp (etc..)
* \- One of the package dependency is known for building native addons.
* \- The package.json file has the property "gypfile" set to **true**.
* One of the package file has an extension like .c, .cpp, .gyp (etc..)
* One of the package dependency is known for building native addons.
* The package.json file has the property "gypfile" set to **true**.

</details><details><summary>📜 hasNoLicense</summary>

Expand All @@ -135,10 +122,6 @@ The code and logic behind the detection is handled in the [npm-tarball-license-p

For more information on how license must be described in the package.json, please check the [npm documentation](https://docs.npmjs.com/files/package.json#license).



⚠️ we are working to stabilize this flag !

</details><details><summary>📦 hasScript</summary>

The package has pre and/or post script in the **package.json** file. These script will be executed before or after the installation of a dependency (this is useful for example to build native addons or similar things). However these script may be used to execute malicious code on your system.
Expand All @@ -148,7 +131,18 @@ The package has pre and/or post script in the **package.json** file. These scrip

</details><details><summary>🚨 Vulnerabilities</summary>

Vulnerabilities has been detected for the given package **version**. We are fetching vulnerabilities from the official [Node.js Security-WG repository](https://github.com/nodejs/security-wg)
Vulnerabilities has been detected for the given package **version**. We are fetching vulnerabilities from multiple sources using NodeSecure [vulnera](https://github.com/NodeSecure/vulnera).



Available source are

* GitHub Audit (previously NPM Audit)
* Sonatype DB
* Snyk
* Node.js Security-WG DB **(DEPRECATED)**

We currently working to implement NVD and [OSV](https://osv.dev/).

</details><details><summary>⚠ hasWarnings</summary>
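
Review bot: The added source list needs a wording pass and one clarification. "Available source are" should read "Available sources are:", and "We currently working to implement" should read "We are currently working to implement". The list also keeps Node.js Security-WG DB while marking it DEPRECATED; state which source is used by default so a reader knows where a reported vulnerability came from.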

Expand Down Expand Up @@ -180,6 +174,11 @@ Indicate that the package is **also used somewhere else in the dependency tree**
The project has been detected as a GIT repository. Sometimes a dependency on the package.json link to a GIT repository, example:



`{ "dependencies": { "zen-observable": "^0.8.15", "nanoid": "github:ai/nanoid", "js-x-ray": "git://github.com/NodeSecure/js-x-ray.git", "nanodelay": "git+ssh://git@github.com:ai/nanodelay.git", "nanoevents": "git+https://github.com/ai/nanoevents.git" } }`


![](https://i.imgur.com/ww4UtyR.png)

Because under the hood we use [pacote](https://github.com/npm/pacote#readme) to fetch and extract packages we are supporting this given pattern.
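
Review bot: The dependency example is added as a single backtick-quoted line holding five entries, which is hard to read; a multi-line block with one dependency per line would render better, and the image that follows can be dropped if it shows the same content. The sample also includes a "git://" URL, an unauthenticated and unencrypted transport; either add a sentence saying so next to the example or keep only the "git+https" and "git+ssh" forms, so the documentation of this flag does not present that form as equivalent to the others.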
Expand All @@ -196,4 +195,4 @@ This can happen, for example, when the package uses **tags** such as:
* @beta
* @next

</details>
</details>
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -22,7 +22,7 @@

## Requirements

- [Node.js](https://nodejs.org/en/) v18 or higher
- [Node.js](https://nodejs.org/en/) v20 or higher

## Getting Started

3 changes: 3 additions & 0 deletions eslint.config.mjs
@@ -0,0 +1,3 @@
import { typescriptConfig } from "@openally/config.eslint";

export default typescriptConfig();
2 changes: 0 additions & 2 deletions index.d.ts

This file was deleted.

2 changes: 0 additions & 2 deletions index.js

This file was deleted.

115 changes: 58 additions & 57 deletions package.json
@@ -1,57 +1,58 @@
{
"name": "@nodesecure/flags",
"version": "2.4.0",
"description": "NodeSecure security flags",
"scripts": {
"test": "node --test test/",
"coverage": "c8 -r html npm test",
"lint": "eslint index.js",
"generateFlags": "node scripts/generateFlags.js"
},
"repository": {
"type": "git",
"url": "git+https://github.com/NodeSecure/flags.git"
},
"keywords": [
"nodesecure",
"flags",
"documentation"
],
"exports": {
".": {
"import": "./index.js"
},
"./web": {
"types": "./web.d.ts",
"import": "./src/web.js"
},
"./package.json": "./package.json"
},
"types": "./index.d.ts",
"modes": {
"web": "src/web.js"
},
"author": "GENTILHOMME Thomas <gentilhomme.thomas@gmail.com>",
"files": [
"index.d.ts",
"index.js",
"web.d.ts",
"src",
"FLAGS.md"
],
"license": "MIT",
"bugs": {
"url": "https://github.com/NodeSecure/flags/issues"
},
"homepage": "https://github.com/NodeSecure/flags#readme",
"devDependencies": {
"@nodesecure/eslint-config": "^1.8.0",
"c8": "^10.1.2",
"eslint": "^9.9.0",
"turndown": "^7.1.2"
},
"type": "module",
"engines": {
"node": ">=18"
}
}
{
"name": "@nodesecure/flags",
"version": "2.4.0",
"description": "NodeSecure security flags",
"scripts": {
"test": "glob -c \"tsx --test\" \"./test/**/*.spec.ts\"",
"coverage": "c8 -r html npm test",
"lint": "eslint index.js",
"generateFlags": "tsx scripts/generateFlags.js"
},
"repository": {
"type": "git",
"url": "git+https://github.com/NodeSecure/flags.git"
},
"keywords": [
"nodesecure",
"flags",
"documentation"
],
"exports": {
".": {
"import": "./index.js"
},
"./web": {
"types": "./web.d.ts",
"import": "./src/web.js"
},
"./package.json": "./package.json"
},
"types": "./dist/index.d.ts",
"modes": {
"web": "src/web.js"
},
"author": "GENTILHOMME Thomas <gentilhomme.thomas@gmail.com>",
"files": [
"dist"
],
"license": "MIT",
"bugs": {
"url": "https://github.com/NodeSecure/flags/issues"
},
"homepage": "https://github.com/NodeSecure/flags#readme",
"devDependencies": {
"@openally/config.eslint": "^1.0.0",
"@openally/config.typescript": "^1.0.3",
"@types/node": "^22.2.0",
"@types/turndown": "^5.0.5",
"c8": "^10.1.2",
"glob": "^11.0.0",
"tsx": "^4.17.0",
"turndown": "^7.1.2",
"typescript": "^5.5.4"
},
"type": "module",
"engines": {
"node": ">=20"
}
}
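
Review bot: "files" now publishes only "dist", but "exports" still maps "." to "./index.js" and "./web" to "./web.d.ts" and "./src/web.js", and "modes.web" still points at "src/web.js"; none of those paths would be in the published tarball, and only "types" was moved to "./dist/index.d.ts". Point the export targets at the built files under dist. In "scripts", "lint" still runs "eslint index.js" and "generateFlags" runs "tsx scripts/generateFlags.js", both files this commit deletes, and no build script is defined that would produce dist. Raising "engines.node" from ">=18" to ">=20" while "version" stays at 2.4.0 drops a supported runtime without a version bump, which deserves a mention in the commit message and a release note.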
36 changes: 0 additions & 36 deletions scripts/generateFlags.js

This file was deleted.

50 changes: 50 additions & 0 deletions scripts/generateFlags.ts
@@ -0,0 +1,50 @@
// Import Node.js Dependencies
import path from "node:path";
import fs from "node:fs/promises";
import { fileURLToPath } from "node:url";

// Import Third-party Dependency
import TurndownService from "turndown";

// CONSTANTS
const __dirname = path.dirname(fileURLToPath(import.meta.url));
const kRootPath = path.join(__dirname, "..");

const turndownService = new TurndownService();

turndownService.addRule("h1", {
filter: "h1",
replacement: (content) => `<summary>${content}</summary>`
});
turndownService.addRule("div", {
filter: "div",
replacement: (content) => `<details>${content}</details>`
});

const { flags, headerTemplate } = await loadHTMLs();
await fs.writeFile(
path.join(kRootPath, "FLAGS.md"),
headerTemplate.concat(
turndownService.turndown(flags)
)
);

async function loadHTMLs() {
const HTMLFlagsLocation = path.join(kRootPath, "src", "flags");
const HTMLFlagsEntries = await fs.readdir(HTMLFlagsLocation);

const [headerTemplate, ...HTMLFlagsFiles] = await Promise.all([
fs.readFile(
path.join(__dirname, "template", "flagDocHeader.md"),
"utf-8"
),
...HTMLFlagsEntries.map(
(file) => fs.readFile(path.join(HTMLFlagsLocation, file), "utf-8")
)
]);

return {
flags: HTMLFlagsFiles.join(""),
headerTemplate
}
}
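
Review bot: In loadHTMLs(), the result of fs.readdir() is mapped straight into readFile calls, so every entry in src/flags is concatenated in whatever order the file system returns it; readdir does not guarantee ordering, and a stray non-HTML file in that directory would end up in FLAGS.md. Filter the entries by extension and sort them before reading so the generated file is deterministic across machines. A smaller style point: the object literal in the final return statement is missing its trailing semicolon.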
2 changes: 2 additions & 0 deletions src/index.ts
@@ -0,0 +1,2 @@
export * from "./node.js";
export * from "./web.js";
13 changes: 10 additions & 3 deletions src/manifest.js → src/manifest.ts
@@ -1,6 +1,13 @@
/* eslint-disable max-len */
export type FlagDescriptor = {
/** An emoji to visually identify the anomaly **/
emoji: string;
/** Title (or name) of the flag **/
title: string;
/** Short description/warning of the anomaly **/
tooltipDescription: string;
};
export type Flag = keyof typeof FLAGS | (string & {});

/** @type {flags.Manifest} **/
export const FLAGS = {
externalCapacity: {
emoji: "🌍",
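
Review bot: The Flag type is declared as keyof typeof FLAGS | (string & {}), which keeps editor completion for the known names but accepts any string, so a misspelled flag name passes type checking. If that openness is intended for flags defined outside this manifest, say so in a doc comment like the ones on FlagDescriptor; otherwise also export a strict keyof typeof FLAGS type for callers that must only handle known flags.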
Expand Down Expand Up @@ -92,4 +99,4 @@ export const FLAGS = {
title: "isDuplicated",
tooltipDescription: "The package is also used somewhere else in the dependency tree but with a different version"
}
};
} satisfies Record<string, FlagDescriptor>;
2 changes: 0 additions & 2 deletions src/node.d.ts

This file was deleted.
